Posted to user@guacamole.apache.org by DM...@simard.ca on 2020/03/27 16:57:12 UTC

TOTP Reset

I was wondering if anyone else has some better ways to find and reset 
their TOTP users, other than just deleting them, i.e. someone lost/broke a 
phone. For now it seems there is no interface to do this (1.0.0). 
This is what I have been doing, any better ways? This is with the TOTP 
plugin and MySQL database.

1) - Find out the user_id of the person in question. Since I guess I don't 
have 10000 users this seems ok. It's a report that shows the name and user 
id along with if they are disabled and if they have enrolled yet or never 
even tried (NULL). This is good to know if a bunch of users have not 
bothered yet, as until they enroll the account is open to hack. (Forgive 
the messy MySQL.)

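-- One row per user; attribute columns are NULL if the user never enrolled.
-- The attribute filter sits in the ON clause so users who have only other
-- attributes still show up as NULL instead of dropping out of the report.
select t1.name, t2.user_id, t3.attribute_name, t3.attribute_value, 
t2.disabled 
from guacamole_entity t1 
join guacamole_user t2 on t1.entity_id=t2.entity_id 
left join guacamole_user_attribute t3 on t2.user_id=t3.user_id 
and t3.attribute_name='guac-totp-key-confirmed';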


2) - Update the Confirmed parameter so it prompts again. Not sure if this 
is the best way. Maybe it still means their 'codes' will be the same as 
before. It's probably best to also erase the secret key part but I don't 
do that here yet.

update guacamole_user_attribute set attribute_value='false' where 
attribute_name='guac-totp-key-confirmed' and user_id=2;

-- and that should end up with 1 row only changed!
""
Query OK, 1 row affected (0.03 sec)
Rows matched: 1  Changed: 1  Warnings: 0
""

and I guess you could do this before and after to see the changes...

select * from guacamole_user_attribute where user_id=2;



/danielm
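
Added example, not part of the original post and not Guacamole project code: a reset that also removes the stored seed, so codes from the lost phone stop being valid, which is the gap the post raises in step 2. It assumes the TOTP extension keeps the seed in an attribute named 'guac-totp-key-secret' and generates a fresh key when none is stored; 'jdoe' is a placeholder username.

```sql
-- Added example. Assumptions: stock Guacamole MySQL schema (InnoDB),
-- seed stored as 'guac-totp-key-secret', placeholder username 'jdoe'.
START TRANSACTION;

-- Clear the variable first: SELECT ... INTO leaves it unchanged when no
-- row matches, which could otherwise reuse a user_id from an earlier run.
SET @uid = NULL;

-- Resolve the user by name rather than hard-coding user_id.
SELECT u.user_id INTO @uid
FROM guacamole_entity e
JOIN guacamole_user u ON u.entity_id = e.entity_id
WHERE e.name = 'jdoe' AND e.type = 'USER';

-- Before: show the TOTP state without printing the seed itself.
SELECT attribute_name,
       IF(attribute_name = 'guac-totp-key-secret',
          '<redacted>', attribute_value) AS attribute_value
FROM guacamole_user_attribute
WHERE user_id = @uid
  AND attribute_name IN ('guac-totp-key-secret', 'guac-totp-key-confirmed');

-- Remove both the seed and the confirmed flag for this one user.
-- If @uid is NULL (no such user) the comparison is never true and
-- nothing is deleted.
DELETE FROM guacamole_user_attribute
WHERE user_id = @uid
  AND attribute_name IN ('guac-totp-key-secret', 'guac-totp-key-confirmed');

-- Expect 0 (never enrolled or unknown user), 1 or 2 rows.
SELECT ROW_COUNT() AS rows_deleted;

-- Issue ROLLBACK instead if rows_deleted is not what you expected.
COMMIT;
```

After the reset the user appears as NULL in the step 1 report until they enroll again.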